Dotnetnuke 3.1.x < 9.6.0 / 5.0.x < 9.6.0 / 6.0.x < 9.6.0 / 7.0.x < 9.6.0 Multiple Vulnerabilities (09.06.00)

critical Nessus Plugin ID 137055

Synopsis

An ASP.NET application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 3.1.x prior to 9.6.0, 5.0.x prior to 9.6.0, 6.0.x prior to 9.6.0, or 7.0.x prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities.

- Modules that were discarded to the recycle bin were still able to respond to API calls to their endpoints, which could result in data uploads and other interactions that would go unnoticed since the module was not visually displayed. Mitigating Factors This only impacted modules that are using the WebAPI interface following the DNN Security protocols (which is a smaller subset of modules). Additionally, interactions are still bound by all other security rules, as if the module was placed on the page. Fix(es) for This Issue An upgrade to DNN Platform version 9.5.0 or later is required Affected Versions DNN Platform Versions 6.0.0 through 9.4.4 (2020-01)

- A malicious user may be able to replace or update files with specific file extensions with content of their selection, without being authenticated to the website.
Fix(es) for This Issue To remediate this issue an upgrade to DNN Platform Version (9.5.0 or later) is required. Affected Versions DNN Platform Versions 5.0.0 through 9.6.0 Acknowledgements The DNN Community thanks the following for identifying the issue and/or working with us to help protect Users Robbert Bosker of DotControl Digital Creatives Related CVE: CVE-2019-19790 (2020-02)

- A number of older JavaScript libraries have been updated, closing multiple individual security notices.
Fixes for the Issue Due to the nature of the elements included, and their usage with DNN Platform an upgrade to DNN Platform 9.5.0 or later is the only resolution for this issue.. Affected Versions DNN Platform version 6.0.0 through 9.4.4 (2020-03)

- A malicious user may upload a file with a specific configuration and tell the DNN Platform to extract the file. This process could overwrite files that the user was not granted permissions to, and would be done without the notice of the administrator. Fix(es) for This Issue The only proper fix for this issue is to upgrade to DNN Platform 9.6.0 or later. Affected Versions DNN Platform version 5.0.0 through 9.5.0. (It is believed this may affect 3.x and 4.x installations as well, but has not been verified) (2020-05)

- A malicious user may utilize a process to include in a message a file that they might not have had the permission to view/upload, and with the methods that the DNN File system works they may be able to gain access to this file. Mitigating Factors Installations configured using the Secure folder type would not have the file contents disclosed. This is the recommended manner to guarantee file security for confidential documents as it is the only method that provides a secure file check at download. Fix(es) for This Issue Upgrading to DNN Platform version 9.6.0 or later is required to mitigate this issue. Acknowledgements The DNN Community would like to thank the following for their assistance with this issue. Connor Neff Affected Versions DNN Platform version 7.0.0 through 9.5.0. (2020-06)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 9.6.0 or later.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2019-19790

Plugin Details

Severity: Critical

ID: 137055

File Name: dotnetnuke_9_6_0.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 6/3/2020

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-19790

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:dotnetnuke:dotnetnuke

Required KB Items: installed_sw/DNN

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 5/7/2020

Vulnerability Publication Date: 5/7/2020

Reference Information

CVE: CVE-2019-19790